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SYSTEM SETUP 



• OWF is a one-way function 

•G is Z*por a finite recursive group such as 
elliptic curve group 

• g is a generator of G 

• f(p) is a function for expanding a password 
P to an input length of OWF 

•V(x) is a function for encrypting 
X with a key V 

• H(x) is a hash function 



USER 



Select random 
number r, 
and compute A 
(101a) 

Select random 

number x, 
and compute X 
(101b) xeG 

PASSWORD P 

Verify Auth by 
computing 
K=[V-W]^ 
If successful, 
complete server 
authentication, and 
proceed to the 
next step(1 03a) 
After computing 
TSK=H(K'II0), 
c=H(TSKIIA), 
send B(103b) 
Compute a session 
key SK 

SK=H(K'IIAIIBII2) 
(103c) 
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>101 



IDuser.A=OWF(r),X=V(gx) 



102 



Auth=H(K'll1),Y=V(gy) 



y 103 



104^ 



SERVER 



V=OWF(f(P)) 

Compute Auth 
K'=H(Kllg>'llgy|| 

IDuserlllDserver) 

K=[V-HX)]^ (102a) 
Select random 
and compute Y 
^(102b)y€G 



Verify B using c, V, 
and A. If successful, 
complete user 
authentication, 
and proceed to the 
next step(104a) 
Compute a 
session key SK 
SK=H(K'IIAIIBII2) 
(104b) 
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•(n=p*q (p and q are RSA fractions), e (fraction)) 

• G is Z*p or a finite recursive group 
sucin as elliptic curve group 

• g is a generator of G 

SYSTEM SETUP. f(p) is a function for expanding a 
password P into lg(n) bits 

• V(x) is a function for encrypting 
X with a key V 

• H(x) is a hash function 



USER 



Select random 
number r, 
and compute A 
(201a) re z; 
Select random 
number x, 
and compute X 
(201b) xeG ^ 

PASSWORD P 

Verify Auth by 
computing 
K=[\/-\Y)V . 
If successful, 
complete server 
authentication, and 
proceed to the 
next step(203a) 
After computing 
TSK=H(K'ilO), 
c=H(TSKIIA), 
send B(203b) 
Compute a session 
key SK 

SK=H(K'IIAIIBII2) 
(203c) 
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>201 



IDuser.A^r^mod n,X=V(g>^) 
202 < 

Auth=H(K'll1),Y=V(gy) 



V=[f(p)-M"mod n 

rCompute Auth(202a) 
K'=H(Kllg'<llgy|| 

IDuserlilDserver) 

Select random 
number y, 
and compute Y 

(202b)yeG 



V203 



B=r 



204^ 
'f(P)'mod n 



SERVER 



Verify B using 
B"*V==A mod n. 
If successful, 
complete user 
authentication, and 
proceed to the 
next step(204a) 
Compute a 
session key SK 
SK=H(K'IIAIIBII2) 
(204b) 
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SYSTEM SETUP 



• p and q are fractions 
•a is a generator of Z\ 

• G is Z*qOr a finite recursive group sucii as 
elliptic curve group, g is a generator of G 

• f(p) is a function for expanding a 
password P to lg(q) bits 

• V(x) is a function for encrypting 
X with a key V 

• H{x) is a hash function 



USER 



Select random 
number r, 
and compute A 
(301a) re Z*q 
Select random 
number x, 
and compute X 
(301b) xeG 

PASSWORD P 

Verify Auth by 
computing 
K=[V-^(Y)]'^ . 
If successful, 
complete server 
authentication, and 
proceed to the 
next step(303a) 
After computing 
TSK=H(K'IIO), 
c=H(TSKIIA), 
send B(303b) 
Compute a session 
key SK 

SK=H(K'IIAIIBII2) 
(303c) 
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>301 



IDuserA=a^mod p,X=V(g>' 



302 



Auth=H(K'll1),Y=V(gy) 



SERVER 



y 303 



304-^ 



B=r+f(P)*c mod q 



V=a-*<^^mod p 

^Compute Auth(302a) 
K'=H(Kllg'<llgy|| 

IDuserillDserver) 

K=[V-XX)]^ 
Select random 
number y, 
and compute Y 
(302b)yeG 



Verify B using 
aB*v'==A mod p 
If successful, 
complete user 
authentication, and 
proceed to the 
next step(304a) 
Compute a 
session key SK 
SK=H(K'IIAIIBII2) 
(304b) 
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SYSTEM SETUP 



•n=p*q (p and q are RSA fractions) 
•G is Z*p or a finite recursive group 

such as elliptic curve group 
•g is a generator of G 
•f(p) is a function for expanding 

a password P to lg(n) bits 
•V(x) is a function for encrypting 

X witli a key V 
'H(x) is a liasli function 



USER 



Select random 
number r, 
and compute A 
(401 a) r e z; 
Select random 
number x, 
and compute X 
(401b) xeG 

PASSWORD P 

Verify Auth by 
computing 
K=[V-W]^ . 
If successful, 
complete server 
authentication, and 
proceed to the 
next step(403a) 
After computing 
TSK=H(K'IIO), 
c=H(TSKIIA), 
send B(403b) 
Compute a session 
key SK 

SK=H(K'IIAIIBIj2) 
(403c) 



60- 



3pA=r2mod n,X=V(g'<) 



402 ^ 
Auth=H{K'll1),Y=V(g') 



y 403 



404- 



B=r*nf(S+i)'=' 



SERVER 



V.i=[f(P+1)"^fmod n 
W2=[f(P+2)-^f mod n 
V.3=[f(P+3)-^f mod n 

Vi" = [f(P+k)-^]2mod n 
V=H(Vi,V2;--,Vk) 

rCompute Auth 
K'=H(Kllgx||gy|| 

IDuserlllDserver) 

K=[V-XX)]M402a) 
Select random 
number y, 
and compute Y 
"(402b)yeG 

Verify B using 
A=B2.]r[y^'mod n 
If successful, 
complete user 
authentication, and 
proceed to the 
next step(404a) 
Compute a 
session key SK 
SK=H(K'IIAIIBII2) 
(404b) 



